See Amazon tutorial: Getting Started with Amazon EC2 Linux Instances
See Amazon tutorial: Installing a LAMP Web Server on Amazon Linux
From the console or the AWS CLI, create a new security group for FTP access and attach it to the EC2 instance (optional), or edit an existing security group attached to the EC2 instance. Next, add new inbound rules to allow access via the FTP ports.
Type | Protocol | Port Range | Source |
---|---|---|---|
Custom TCP Rule | TCP | 20 - 21 | 0.0.0.0/0 |
Custom TCP Rule | TCP | 1024 - 1048 | 0.0.0.0/0 |
Source 0.0.0.0/0 opens the port to any IPv4 address. To restrict access to a specific IP address, replace 0.0.0.0/0 with your address, e.g. www.xxx.yyy.zzz/32
SSH into EC2 instance (tutorial) and install vsftpd:
$ sudo yum install vsftpd
Use Linux's nano tool to open and edit vsftpd.conf from the command line:
$ sudo nano /etc/vsftpd/vsftpd.conf
Change anonymous_enable from YES to NO (optional). This will disable anonymous FTP users:
anonymous_enable=NO
Set chroot_local_user to YES (optional). This will restrict users to their home directories for security. This line may already exist but is commented out with #:
chroot_local_user=YES
Add the following to the end of the file. Replace <YOUR_IP> with the public IP of your EC2 instance:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<YOUR_IP>
Change the default FTP upload folder (optional). Add the following to the end of the file:
local_root=/var/www/html
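Note that you may need to use chmod to change file permissions and allow FTP users to read and write to this folder. The command below sets mode 777 (read, write and execute for every user) on each directory under /var/www/html: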
$ sudo find /var/www/html -type d -exec chmod 777 {} \;
Start vsftpd service:
$ sudo /etc/init.d/vsftpd start
Set vsftpd service to automatically run when restarting server:
$ sudo chkconfig --level 345 vsftpd on
Add FTP user with adduser. Replace <USERNAME> with the new username to be added:
$ sudo adduser <USERNAME>
Add password for user with passwd:
$ sudo passwd <USERNAME>
Restrict user's access to a specific folder (optional). Set the user's home directory to the folder, then add the user to the www group to allow access to the /var/www folder:
$ sudo usermod -d /var/www/html <USERNAME>
$ sudo usermod -a -G www <USERNAME>
Restrict users to a folder of their own name (optional). With this setup, test-user can only write to /var/www/html/test-user. Define a variable for the username, then change local_root to reflect the desired path:
$ sudo nano /etc/vsftpd/vsftpd.conf
user_sub_token=$USER
local_root=/var/www/html/$USER
$ sudo /etc/init.d/vsftpd restart
To change the root directory for a specific user: https://unix.stackexchange.com/questions/83221/how-to-create-a-ftp-user-with-specific-dir-access-only-on-a-centos-linux-ins
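
A check that ties the steps above together, as an added example that is not part of the original guide: a POSIX shell function that reads vsftpd.conf and reports settings that differ from the ones configured here, including a passive port range that does not match the security group rule. The function names (conf_get, is_num, flag, audit_vsftpd) and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings used in this guide.

# conf_get FILE KEY: value of the last uncommented KEY=value line (empty if none).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_vsftpd FILE SG_MIN SG_MAX: print findings and return how many there are.
# SG_MIN-SG_MAX is the passive port range opened in the security group.
audit_vsftpd() {
    conf=$1; sg_min=$2; sg_max=$3; findings=0
    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] ||
        flag "anonymous_enable is not set to NO"
    [ "$(conf_get "$conf" chroot_local_user)" = "YES" ] ||
        flag "chroot_local_user is not set to YES"
    [ "$(conf_get "$conf" pasv_enable)" != "NO" ] ||
        flag "pasv_enable is NO, so the passive port settings are unused"
    pmin=$(conf_get "$conf" pasv_min_port)
    pmax=$(conf_get "$conf" pasv_max_port)
    if ! is_num "$pmin" || ! is_num "$pmax"; then
        flag "pasv_min_port/pasv_max_port missing or not numeric"
    elif [ "$pmin" -lt "$sg_min" ] || [ "$pmax" -gt "$sg_max" ]; then
        flag "passive ports $pmin-$pmax exceed the security group range $sg_min-$sg_max"
    elif [ "$pmin" -ne "$sg_min" ] || [ "$pmax" -ne "$sg_max" ]; then
        flag "security group $sg_min-$sg_max is wider than passive ports $pmin-$pmax"
    fi
    case "$(conf_get "$conf" pasv_address)" in
        ''|*'<'*) flag "pasv_address is unset or still the <YOUR_IP> placeholder" ;;
    esac
    return "$findings"
}

# Constructed sample: passive range wider than the 1024-1048 rule, placeholder IP.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'chroot_local_user=YES' 'pasv_enable=YES' \
    'pasv_min_port=1024' 'pasv_max_port=2048' 'pasv_address=<YOUR_IP>' > "$sample"
audit_vsftpd "$sample" 1024 1048 || echo "$? finding(s)"
rm -f "$sample"
```

To check the real file, call audit_vsftpd /etc/vsftpd/vsftpd.conf 1024 1048; the return status is the number of findings.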